Waking up from the cyber nightmare: keeping your tech secure
The third and final day of Ozwater’22 opened with a keynote address sure to send delegates to their laptop and smart phones to double check their security settings.
“I'm going to provide you with a few nightmares,” promised environmental scientist and futurist Dr Catherine Ball at the beginning of her presentation, The water industry as a cyber target: understanding risks and opportunities. What followed was sure to strike fear into the heart of even the most technologically savvy water professional.
Even before the COVID-19 pandemic, Australia was receiving 200 cyber attacks every second.
“This doesn't even start to scratch the surface of what we know is happening in terms of cyber warfare, particularly around critical infrastructure,” she said.
“The thing about cyber attacks is there are a lot of them, but there's been a lot of them for a very, very long time.”
She compared the impact of a cyber attack to a “dirty bomb set off over a reservoir” in terms of significance.
“I don't need to tell you just how critical the water industry is in terms of infrastructure,” Ball said.
“If you get taken out, we all get taken out.”
And while the number of attempted attacks was high before the pandemic began, the risks are even greater now due to the large numbers of people working from home.
“The truth is cybersecurity at home is not as good as the cybersecurity at work,” she said. “We have to remember when we're home working to be just extra safe and extra secure.”
She urged all delegates to ensure they were using multi-factor authentication for all of their online accounts.
“I have friends who are bigwigs in some of the big tech companies, and I have watched them get their Instagrams hacked, and then be held to ransom for US$500 equivalent in Bitcoin before they're allowed to have their Instagram back,” she warned.
“You need to make sure you back up your own personal access to your social media and everything that you work on with multi-factor authentication.”
One quality distinct to the water industry that presents particular challenges in terms of cybersecurity is that it combines some of the world’s oldest infrastructure assets with some of the world’s newest technologies.
“I'd suggest that maybe defence infrastructure is probably the closest thing to it in terms of complexity,” Ball said.
“There's a pathway of information forwards and backwards around how we manage our assets in a really unique way — the water industry is very unique in this.”
This has become an even more vexing challenge because the number of devices gathering data has extended the realm of cybersecurity far beyond computers.
“The next phase we're walking into now is not the Internet of Things; it’s the internet of bodies,” Ball said, explaining that she doesn’t wear smart devices for this reason.
“You might want to have a think about choices that we make when we passively donate our information to tech billionaires and make them lots of money.
“You have a digital twin set up — not only of your business, but also of you. They are creating digital chimeras of us as individuals, and this is a source of cyber threat, not only to you but to where you work.”
But Ball’s address was about cyber opportunities as well as risks, and one of these concerned the ability to respond to the growing threat of climate change.
“I'm working with DFAT now to build entire digital twins of the Pacific islands to then be able to scenario plan for cyclones, scenario plan for tsunamis [and] scenario plan so we know [what to do] when a cyclone comes in,” she explained.
“We warbook it. We do it things like oil spills, but we don't do it for bushfires. We do it for things like nuclear disasters, but we don't do it for tsunamis and floods.”
Because the water industry incorporates large complex infrastructure projects involving asset management and multifactorial data management, Ball said that presented cybersecurity opportunities.
“Look at the opportunities that this will bring for you and for your career to expand out how you talk about the water industry,” she said.
“If you get this right, a lot of industries will follow.”
Ball wrapped up her address with a homework assignment.
“Find a cyber qualification — you need to get up to speed with this, because all of our jobs are tied to cybersecurity,” she urged.
“You can do online qualifications in cybersecurity. You don't need to be able to write code; you can do a Cert-IV at TAFE, you could just do a graduate diploma — do something, please.”
Water industry professionals could even benefit from watching a TED Talk about cybersecurity, she said, or perusing the courses at Edx.org.
“You can get taught by the people that created the cybersecurity world about what cybersecurity is for free, and it'll take a couple of hours of your time over a couple of weeks, and you'll have some education around what cybersecurity is,” she said.
“Take home this idea that the future is personalised. Cybersecurity is your responsibility, no matter what part you work in the water industry.”